Cyber crime is a booming business for criminals. Businesses of all sizes are being targeted for scams that range from tech support scams, 401(k) disbursement scams, and phishing attacks. Crime as a Service (CaaS) allows criminals to purchase software and lowers the bar for entry into cyber crime. This offering provides the tools for someone lacking technical knowledge to buy services to carry out cyber crime. In addition, CaaS allows unsophisticated criminals to utilize harmful technology.
Recent Cyber Phishing Scams, claim handled by Chubb Insurance:
A financial institution recently became the victim of an e-mail phishing attack targeted against its employees. As a result of the attack, more than 400 employee e-mail accounts were compromised. The organization retained a forensic firm to investigate the extent of the breach, as well as an incident response coach. Data mining and a review of what information was compromised is ongoing. This initial phase of the incident response will cost more than $1.5M for both the coach and forensic firm. Once this review is complete, there will be an assessment as to whether notification and credit monitoring services are necessary.
The evolving crime and cyber environment have necessitated a need to coordinate coverage between the cyber policy and the crime policy. Traditionally:
As the lines of coverage begin to blur, cyber liability carriers are adding grants of coverage for cyber crime and crime markets are evolving as well.
It is important to coordinate the “Other Insurance” provision in both policies if there is duplicate coverage. This should assist in the event of a claim and determine which is primary and which is excess. Every organization should work with their insurance broker to evaluate potential gaps in coverage and overlaps as well.
It is also important for Cyber insurance policies to be evaluated critically each year because of the rapid rate of change. It is important to work with a cyber broker that knows the difference. If you have questions about what policy should respond or if you have adequate cyber coverage, please contact me to further discuss.
Sources: (Europol, Krebs on Security, Chubb, Beazley, justice.gov, ic3.gov)
Note: This communication is for informational purposes only. Although every reasonable effort is made to present current and accurate information, Oswald makes no guarantees of any kind and cannot be held liable for any outdated or incorrect information. View our communications policy.